VYPR
Unrated severityNVD Advisory· Published Oct 8, 2014· Updated Jun 17, 2026

CVE-2014-7980

CVE-2014-7980

Description

Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • Drupal/Zen9 versions
    cpe:2.3:a:drupal:zen:7.x-3.0:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:drupal:zen:7.x-3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:zen:7.x-3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:zen:7.x-3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:zen:7.x-5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:zen:7.x-5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:zen:7.x-5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:zen:7.x-5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:zen:7.x-5.4:*:*:*:*:*:*:*
    • (no CPE)range: <7.x-3.3, <7.x-5.5

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.